Skip to main content
SpringerLink
Log in

An Efficient Computer Forensics Selective Imaging Model

  • Conference paper
Future Information Technology

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 276))

Abstract

Selective imaging is a new concept in computer forensics. It is used for collecting only the data that is relevant to the crime and helps in improves the scalability of the investigation process. However, the current selective imaging approaches directly image the identified data without considering their offsets on the targeted user storage. This paper investigates the impact of the relevant data offsets on the efficiency of the selective imaging process. A practical selective imaging model is presented which includes a digital evidence ordering algorithm (DEOA) for ordering the selected relevant data items. The proposed selective imaging model has been implemented and evaluated in different types of storage devices. The evaluation result shows that even if our proposed algorithm has a small efficiency negative impact before the imaging process starts; it has a large positive effect on the efficiency of the selective imaging process itself.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Kenneallya, E.E., Brown, C.L.T.: Risk sensitive digital evidence collection. Digital Investigation 2(2), 101–119 (2005)

    Article  Google Scholar 

  2. Turner, P.: Selective and intelligent imaging using digital evidence bags. Digital Investigation 3(1), 559–564 (2006)

    Google Scholar 

  3. Stüttgen, J.: Selective Imaging: Creating Efficient Forensic Images by Selecting Content First. Mannheim University (2011)

    Google Scholar 

  4. Turner, P.: Digital provenance - interpretation, verification and corroboration. Digital Investigation 2(1), 45–49 (2005)

    Article  Google Scholar 

  5. Turner, P.: Unification of digital evidence from disparate sources (Digital Evidence Bags). Digital Investigation 2(3), 223–228 (2005)

    Article  Google Scholar 

  6. Richard, G., Roussev, V.: Breaking the performance wall: The case for distributed digital forensics. Paper presented at the Proceedings of the 2004 Digital Forensics Research Workshop (DFRWS 2004), Baltimore, Maryland (2004)

    Google Scholar 

  7. Turner, P.: Applying a forensic approach to incident response, network investigation and system administration using Digital Evidence Bags. Digital Investigation 4(1), 30–35 (2007)

    Article  Google Scholar 

  8. Kloet, B., Metz, J., Mora, R.-J., Loveall, D., Schreiber, D.: libewf: project info. (2008), http://www.uitwisselplatform.nl/projects/libewf/

  9. Garfinkel, S., Malan, D.J., Dubec, K.-A., Stevens, C.C., Pham, C.: Disk imaging with the advanced forensic format, library and tools. In: Research Advances in Digital Forensics (Second Annual IFIP WG 11.9 International Conference on Digital Forensics). Springer (January 2006)

    Google Scholar 

  10. Cohen, M., Schatz, B.: Hash based disk imaging using AFF4. Digital Investigation 7, 121–128 (2010)

    Article  Google Scholar 

  11. Beebe, N.: Digital Forensics Research: The Bad, The God and the Unaddressed. In: Advances in Digital Forensics V - IFIP International Conference on Digital Forensics, Orlando, Florida, USA, pp. 17–36 (2009)

    Google Scholar 

  12. Beebe, N., Clark, J.: Dealing with Terabyte Data Sets in Digital Investigations. In: Pollitt, M., Shenoi, S. (eds.) Advances in Digital Forensics V. IFIP, vol. 194, pp. 3–16. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  13. Sanderson, P.: Mass image classification. Digital Investigation 3(4), 190–195 (2006)

    Article  MathSciNet  Google Scholar 

  14. Beebe, N.L., Clark, J.G.: Digital forensic text string searching: Improving information retrieval effectiveness by thematically clustering search results. Digital Investigation 4(1), 49–54 (2007)

    Article  Google Scholar 

  15. Richard, G., Roussev, V.: File System Support for Digital Evidence Bags. In: Olivier, M., Shenoi, S. (eds.) Internation al Federation for Information Processing. IFIP AICT, vol. 222, pp. 29–40. Springer, Boston (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia

    Waleed Halboob & Khaled S. Alghathbar

  2. Departments of Information Systems, Collage of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia

    Khaled S. Alghathbar

  3. Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, 43400, Serdang, Selangor, Malaysia

    Waleed Halboob, Ramlan Mahmod, Nur Izura Udzir, Mohd. Taufik Abdullah & Ali Deghantanha

Authors
  1. Waleed Halboob
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Khaled S. Alghathbar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ramlan Mahmod
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nur Izura Udzir
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mohd. Taufik Abdullah
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Ali Deghantanha
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Seoul University of Science & and Technology (SeoulTech), Seoul, Korea, Republic of (South Korea)

    James J. (Jong Hyuk) Park

  2. SEECS, University of Ottawa, Ottawa, Ontario, Canada

    Ivan Stojmenovic

  3. School of Information and Communication Engineering, Chungbuk National University, Chungbuk, Korea, Republic of (South Korea)

    Min Choi

  4. Department of Languages and Informatics Systems, Polytechnic University of Catalonia, Barcelona, Spain

    Fatos Xhafa

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Halboob, W., Alghathbar, K.S., Mahmod, R., Udzir, N.I., Abdullah, M.T., Deghantanha, A. (2014). An Efficient Computer Forensics Selective Imaging Model. In: Park, J., Stojmenovic, I., Choi, M., Xhafa, F. (eds) Future Information Technology. Lecture Notes in Electrical Engineering, vol 276. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40861-8_41

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-40861-8_41

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40860-1

  • Online ISBN: 978-3-642-40861-8

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation